ANTHONY ENGLAND 512-322-8211 PAGE 02

Application No.: 09/940,706
Filing Date: 08/28/2001
Docket No.: JP920010196US1

IN THE CLAIMS

Please amend the claims as set out below:

1. (currently amended) In a A method for providing secure authentication, using digital certificates, an improvement to enable the selective transfer of authentication data, the method comprising:

a) receiving basic authentication data from a first computer for a secure transaction between the first computer and a second computer, wherein the receiving is by the second computer, the secure transaction is during a certain communication session between the first and second computer, and the basic authentication data has been certified by an accepted certifying authority, and wherein the basic authentication data includes a public key of the first computer for permitting a first type of access by the first computer to an application provided by the second computer at the commencement of a secure transaction;

b) storing a copy of the first computer's public key;

c) requesting, by the second computer during the communication session, an additional individual authentication data unit from the first computer, wherein the additional individual authentication data unit is for permitting a second type of access by the first computer to an application provided by the second computer;

d) transfer of receiving the additional individual authentication data units by the second computer from the first computer against specific requests; and

verifying authenticity of the additional individual authentication data unit, wherein c) includes storing the first computer's public key by the second computer during the certain communication session, and the verifying includes verifying the additional individual authentication data unit by the second computer using the second computer's stored copy of the first computer's public key during the certain communication session and without the second computer obtaining another copy of the public key, as and when required,

thereby eliminating the risks associated with providing any authentication data that is not required for a particular transaction.
2. (currently amended) The improved method as claimed in claim 1 wherein the second type of access includes an access for an application in which a digital credit card is used for a purchase. authenticity of said additional individual authentication data is established by using the public key provided in said basic authentication data.

3. (currently amended) The improved method as claimed in claim 1, wherein the authenticity of said additional individual authentication data is established by signature of said accepted certifying authority.

4. (currently amended) The improved method as claimed in claim 1 wherein the second type of access includes an access for an application in which an email message is securely transmitted. said additional individual authentication data is provided without the need for establishing a separate session.

5. (currently amended) The improved method as claimed in claim 1, wherein the authentication data includes an identity certificate, and the method includes:

receiving, by the second computer, a command from the first computer for the second computer to invalidate a previously presented identity certificate; and

receiving, by the second computer, a new identity certificate from the first computer to replace the invalidated identity certificate, wherein the command to invalidate and the new identity certificate are both received by the second computer during the certain communication session. further comprising the facility to invalidate previously presented authentication data and present new authentication data and present new authentication data as and when required, thereby enabling establishment of new transactions without the need for closing an existing session.

6. (currently amended) In a A system for providing secure authentication, using digital certificates, an improvement to enable the selective transfer of authentication data the system comprising:

means for presenting receiving basic authentication data from a first computer for a secure transaction between first computer and a second computer, wherein the receiving is by the second computer, the secure transaction is during a certain communication session between the first and second computer, and the basic authentication data has been certified by an accepted certifying authority, and wherein the basic authentication data includes a public key of the first computer for permitting a first type of access by the first computer to an application provided by the second computer at the commencement of a secure transaction;

means for storing a copy of the first computer's public key;

means for requesting, by the second computer during the communication session, an additional individual authentication data unit from the first computer, wherein the additional individual authentication data unit is for permitting a second type of access by the first computer to an application provided by the second computer;

means for receiving the transferring additional individual authentication data units by the second computer from the first computer; and against specific requests, as and when required,

means for verifying authenticity of the additional individual authentication data unit, wherein the storing means includes means for storing the first computer's public key by the second computer during the certain communication session, and the means for verifying includes means for verifying the additional individual authentication data unit by the second computer using the second computer's stored copy of the first computer's public key during the certain communication session and without the second computer obtaining another copy of the public key,

thereby eliminating the risks associated with providing any authentication data that is not required for a particular transaction.

7. (currently amended) The improved system as claimed in claim 6 wherein the second type of access includes an access for an application in which a digital credit card is used for a purchase. authenticity of said additional individual authentication data is established by using the public key provided in said basic authentication data.

8. (currently amended) The improved system as claimed in claim 6, wherein the authenticity of said additional individual authentication data is established by means of signature of said accepted certifying authority.

9. (currently amended) The improved system as claimed in claim 6, wherein the second type of access includes an access for an application in which an email message is securely transmitted. said additional individual authentication data is provided without the need for establishing a separate session.

10. (currently amended) The improved system as claimed in claim 6, wherein the authentication data includes an identity certificate, and the system includes:

means for receiving, by the second computer, a command from the first computer for the second computer to invalidate a previously presented identity certificate; and

means for receiving, by the second computer, a new identity certificate from the first computer to replace the invalidated identity certificate, wherein the command to invalidate and the new identity certificate are both received by the second computer during the certain communication session. further comprising the means for invalidating previously presented authentication data and present new authentication data and present new authentication data as and when required, thereby enabling establishment of new transactions without the need for closing an existing session.

11. (currently amended) In a A computer program product comprising computer readable program code stored on computer readable storage medium embodied therein for providing secure authentication, using digital certificates, an improvement to enable the selective transfer of authentication data, the computer program product comprising:

computer readable program code means configured for presenting receiving basic authentication data from a first computer for a secure transaction between the first computer and a second computer, wherein the receiving is by the second computer, the secure transaction is during a certain communication session between the first and second computer, and the basic authentication data has been certified by an accepted certifying authority, and wherein the basic authentication data includes a public key of the first computer for permitting a first type of access by the first computer to an application provided by the second computer at the commencement of a secure transaction;

computer readable program code means configured for storing a copy of the first computer's public key;

computer readable program code means configured for requesting, by the second computer during the communication session, an additional individual authentication data unit from the first computer, wherein the additional individual authentication data unit is for permitting a second type of access by the first computer to an application provided by the second computer;

computer readable program code means configured for transferring receiving the additional individual authentication data units by the second computer from the first computer; and against specific requests, as and when required,

computer readable program code means configured for verifying authenticity of the additional individual authentication data unit, wherein the computer readable program code means configured for storing a copy of the first computer's public key includes computer readable program code means configured for storing the first computer's public key by the second computer during the certain communication session, and the verifying includes verifying the additional individual authentication data unit by the second computer using the second computer's stored copy of the first computer's public key during the certain communication session and without the second computer obtaining another copy of the public key, thereby eliminating the risks associated with providing any authentication data that is not required for a particular transaction.

12. (currently amended) The improved computer program product as claimed in claim 11, wherein the second type of access includes an access for an application in which a digital credit card is used for a purchase. authenticity of said additional individual authentication data is established by using the public key provided in said basic authentication data.

13. (currently amended) The improved computer program product as claimed in claim 11, wherein the authenticity of said additional individual authentication data is established by signature of said accepted certifying authority.

14. (currently amended) The improved computer program product as claimed in claim 11, wherein the second type of access includes an access for an application in which a digital credit card is used for a purchase. said additional individual authentication data is provided without the need for establishing a separate session.

15. (currently amended) The improved computer program product as claimed in claim 11, wherein the authentication data includes an identity certificate, and the computer program product includes:

computer readable program code means configured for receiving, by the second computer, a command from the first computer for the second computer to invalidate a previously presented identity certificate; and

computer readable program code means configured for receiving, by the second computer, a new identity certificate from the first computer to replace the invalidated identity certificate, wherein the command to invalidate and the new identity certificate are both received by the second computer during the certain communication session. further comprising the computer readable program code means configured for invalidating previously presented authentication data and present new authentication data and present new authentication data as and when required, thereby enabling establishment of new transactions without the need for closing an existing session.
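Claims 1, 6 and 11 recite one exchange (the second computer accepts CA-certified basic authentication data, keeps a copy of the first computer's public key, then requests and verifies additional per-access authentication units with that stored copy alone), and claims 5, 10 and 15 add in-session invalidation and replacement of the identity certificate. The Go program below is an added illustration of that exchange, not code from the application or its assignee; it assumes Ed25519 from the standard library in place of the unspecified certificate format, and the names Certificate, Session, IssueCert, Open, SignUnit, VerifyUnit and Replace are the example's own.

```go
package main

import (
	"crypto/ed25519"
	"errors"
)

// Certificate stands in for the "basic authentication data": the first computer's
// public key plus the accepted certifying authority's signature over it (assumed format).
type Certificate struct{ PubKey ed25519.PublicKey; CASig []byte }

// IssueCert: the certifying authority certifies the first computer's key.
func IssueCert(caPriv ed25519.PrivateKey, pub ed25519.PublicKey) Certificate {
	return Certificate{PubKey: pub, CASig: ed25519.Sign(caPriv, pub)}
}

// Session is the second computer's state for one communication session;
// clientKey is its stored copy of the first computer's public key (step b).
type Session struct{ caPub, clientKey ed25519.PublicKey }

// Open (steps a, b): accept the key only if the CA certified it, then store a copy.
func Open(caPub ed25519.PublicKey, c Certificate) (*Session, error) {
	if !ed25519.Verify(caPub, c.PubKey, c.CASig) {
		return nil, errors.New("basic authentication data not certified by accepted CA")
	}
	return &Session{caPub: caPub, clientKey: c.PubKey}, nil
}

// SignUnit: the first computer signs an additional individual authentication data
// unit bound to one access type (e.g. "purchase") when the second computer asks (steps c, d).
func SignUnit(priv ed25519.PrivateKey, access string, unit []byte) []byte {
	return ed25519.Sign(priv, append([]byte(access+"|"), unit...))
}

// VerifyUnit (verifying step): check the unit with the stored key only; no second
// copy of the public key is obtained during the session.
func (s *Session) VerifyUnit(access string, unit, sig []byte) bool {
	return ed25519.Verify(s.clientKey, append([]byte(access+"|"), unit...), sig)
}

// Replace (claim 5): invalidate the presented certificate and accept a CA-certified
// replacement in the same session; later units must verify against the new key.
func (s *Session) Replace(c Certificate) error {
	if !ed25519.Verify(s.caPub, c.PubKey, c.CASig) {
		return errors.New("replacement certificate not certified")
	}
	s.clientKey = c.PubKey
	return nil
}
```

A unit signed for one access type does not verify for another, and after Replace the units signed under the invalidated key are rejected without the session being closed.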